Archives For security trends

Your Client’s Data Value Demands a Response

Last week I spoke at the Oklahoma Technology Symposium at The Cox Convention Center downtown, and then again to business leaders at the Gailaria Country Club north of the city. (Thanks to AnchorPoint Security and Check Point Software.)

The value of your client’s data is rapidly growing, and this was central to both of my presentations.

The Proof is in the Ransomware

People are paying the ransom. They can’t afford not to. Just this morning the WSJ reported another incident, this one related to the Leavine family NASCAR race team. They only paid $500, but $500 for what? The true cost of a breach like this is much greater. The FBI estimates the total cost per incident to be around $333,000! And the incidents of ransomware now four times what they were last year.

If you’re not talking to your clients about ransomware, now is the time. But more than talk is needed. They need answers.

Start by assessing their exposure to this type of attack. Can your client detect it coming in with their current security set up? My guess is that most can’t. That’s a managed services offering right there. Few companies will have the expertise to do this internally. They also need user awareness training. One place to start might be my latest book, Digital Money. It will be out by the end of this month!

The fact is, more data is being created, and just about every business is down when their computers are down. Data defines just about everything, including all of their clients, R&D, projects, finances, etc. Without their data, they’re out of business. What’s that worth?

Do You Know What CIOs Are Struggling With Right Now?

IT Doesn’t…

What would it be worth if you knew something really important, that your IT clients don’t know?

It might lead to that coveted Trusted Advisor status – if you presented it right.

I opened Thursday’s session at SecureWorld Charlotte with “The One Big Mistake Companies Are Making w/ SECURITY”. My session was packed! Standing room only. and a wall full of stand-ups…

I guess people heard me telling funny stories and decided to wonder in from the hall. After all, even technology sessions should be fun to listen to.

But here’s the surprising fact. After assessing who was in my audience (mostly F500 company IT people), I asked for input on the CIOs role in 2016. No one had the right answers! No One! I did get generic answers like, Security. And yes, Gartner and The Wall Street Journal are reporting this. But it’s old news, and only one person in the room raised their hand when I asked who is reading the CIO Journal Section.

No wonder IT has a hard time convincing their leadership to do the right thing. Even when selling internally, good marketing starts “where people are” and takes them “where they need to go.”

Given the walls that exist between IT and executive management, event a great marketer will rarely be heard.

One thing everyone did agree on – their end users are heading toward More IoT, More Cloud, and More BYOD…even those companies that claim to not be doing BYOD, are. People are going to use their phones for email regardless of what the company does. Even if they have to use their gmail account – Ref. Ms. Clinton.

So what are CIOs doing in 2016:

More interaction with the Board.

More involvement in company strategy – because it all hinges on using technology.

More focus on security… (Have your read recent reports on Target’s failure to expand into Canada – blamed on IT mishaps!)

But Also Take Note – IT Budgets and Security are a Challenge:

IT spending is down 5.88% as of Q4, 2015!

IoT spending is up and growing!

Compliance will continue to grow and demand more budget – but won’t make things more secure (in most cases).

Security talent is growing scarce. Only the very large companies will have real security talent…the rest will work for consulting companies. (Meaning the mid and small market needs it from a third-party source.)

Lots to think about in 2016! If you have security answers – this could be a great year for you and your company.

Yesterday at the BEYOND SECURITY kick-off, Lynn Murphy, SVP Westcon, North America opened with some encouraging words from Westcon’s recent strategy meetings – with strong projections for the future. Andrew Warren, VP of Westcon Security shared a strong outlook for security growth in 2014 – citing numerous growing issues which all represent opportunities for growth to those attending this week. Check Point’s Director of Channels and Distribution sales for North America,John Norko, also spoke, giving us an update on where Check Point is headed and what they are doing to help develop a more proactive defense system for this clients (funny to think I was selling Check Point 19 years ago, along with ISS.) It was a great afternoon – and a reunion with many people I’ve worked with over the past 20 years.

Sharing A Vision for Future Change and Growth

This morning, the final day, started with my keynote session at 8:00 AM. Lucky, I am an east coast guy, so the early session was more like mid morning for me.

What is the secret to success in this business? The business of technology sales, reselling hardware and software, consulting on technology projects.?..Simon Sinek shares the need to start with WHY rather than WHAT. Napolean Hill instructs us to Think and Grow Rich. Jim Collins gives us three things: Be the best, be passionate, and develop an economic engine. They’re all right – in a sense they are all pointing to a vision. A true vision that a person is wholly devoted to.

This morning I shared a vision – a vision for what a company could be like if they would really focus on this security space wholeheartedly. The need is great…looking at Target and Neiman Marcus are just small examples of a much larger problem that exists in every company we run into – whether large or small. When you know what you’re doing, and have an excellent solution, suddenly the market isn’t as crowded as it was a day or so ago, when you were selling Networks, servers, and storage.

Out-Pacing Other Technology Areas

Security is big. Andrew Warren shared some growth predictions on the order of 43% for 2014. As I listened to some of these talks I was reminded of the push back I got from resellers five or six years ago when I wrote things like, UC will soon be a commodity with little margin strength left in it (I actually had people in my workshops get mad at me for saying this) – just yesterday, Lynn Murphy called UC a struggling technology area. I turned down a global sales training opportunity for UC technology in 2008 to avoid getting wrapped up in something I knew would not last. Instead, I chose to make security a focus area, while keeping up with some of the other emerging technologies. Security sales have been going strong since 1995 in my experience, and there doesn’t seem to be any slowdown. Those who have struggled to succeed here are simply missing a few key pieces to make it work, or perhaps a unified vision across the leadership to give it the focus it needs.

Big Investments

The fact that IBM, HP, Dell and Cisco are all making big investments in security should tell us something.

What’s the Secret?

So what is the secret to success in the security space for resellers? Well, vision and determination have a lot to do with it – like anything, if you really want to make it work, usually you can. But a vision for what? I think it’s a vision for helping people build the security they really need around the things they really care about. It’s not a product pitch at all. And while we need great security products, and hope that companies like Check Point and Palo Alto,…McAfee, and FireEye, will continue to develop great technology, there has to be someone to understand each company’s unique need. This starts by making a switch from being the VAR to being more the advisor. And this takes vision, mentoring, studying, and passion to make a change that people have been talking about since 1995 – when margins started slipping…It’s time to make that move now.

This week I am working hard on several items for next week – the Ingram Micro Webinar, Undeniable Justification Using Security Assessments, and another Pre-Event Webinar introducing my new ebook and workshop, 7 Secrets to Profitability Using Lunch & Learns and Sales Events (Now sold out – but get on the waiting list!). It’s a busy week – both are coming along nicely and I am looking forward to meeting with you next week to air this important educational material. While preparing and working with the folks at Ingram to get our program organized, I’ve had numerous conversions with clients who use assessments in their sales process. Some are paid for, and some are complementary…Here’s a tip I think a lot of people are missing on fee-based assessments, and as a result, are leaving money on the table – The Security Assessment Subscription. This is something I started doing years ago while selling assessments, and it made a huge difference in both the gross profit I realized and the follow-on project work.

Security Assessment Subscriptions

An assessment measures risk – it’s a measure of impact vs. likelihood. The problem is, it’s a point-in-time measurement, so once it’s over, the risk levels will change over time, and by the time the client decides to do it again, gets it approved, and signs a contract, a year will have gone by. On top of this, many of the remediation recommendations you made will be forgotten long before they make their way through the approval process. You’ll be lucky if they take one of two of your recommendations and actually carry them out. What about the other 4 or 5 critical issues? And then there’s the long list of things that should take place that just never will.

When I started selling assessments, I did something I’ve not seen done by other sales reps. I turned each assessment opportunity in a subscription offer. When an assessment opportunity came up, I worked through the sales process as usual, but then on my proposal, I made it an option to do it as a subscription. I would charge a flat fee for the assessment, let’s say 30K. Then I would tack on a subscription fee of 5K to update it over the next three quarters. Since the documents already exists in the 30K project, there is no need to rewrite the document. The scope is fixed based on the original project. So all we had to do was go in and revisit the original scope – updating new issues, noting remediation recommendations that were never followed, and adjusting the areas they did remediate. The 5K may not represent a great deal of added GP…in fact, it’s kind of a break even deal…but…

It kept me in front of the decision makers for year.

Gave me a chance to remind them to follow through with the recommendations.

Allowed me to uncover new problems requiring attention.

Made me first in line when an issue did arise.

And allowed me to stay on top of any new opportunity that might affect the state of security. (Meaning all new internal projects).

It also allowed me to possibly expand the scope, resulting in a fee increase.

The 5K was large enough to cover my cost, keeping me in there over the year. It was also small enough to create a competitive edge when others proposed their assessments against mine. I was the only one thinking about the year – ongoing security. I proposed it as the default offering, meaning the client had to check a box to not include it, rather than having to add it. That may sound like a manipulation tactic, but the truth is, the company should do it by subscription. Security assessments should be done quarterly. I learned this from the pest control people. Try hiring the termite guy to come out for one visit. He won’t do it. They sell their program by the year, not the visit. The reason is, one treatment isn’t enough…the same is true of the security assessment.

Don’t miss this webinar next Wednesday….I’ll be giving a number of insightful tips like this one to help you grow your business.

Caught by detection, but too late to stop thieves from accessing over 200,000 customer credit card credentials. Citi is a big company under strict federal security guidelines, and compliant as far as we know, at least up until this latest discovery. As I read these reports, I recognize that compliance is needed – companies don’t take action just because there’s a threat. But having worked for one of this country’s largest banks year ago, I know security is taken seriously at firms like Citi. The problem is, you can’t really keep every door closed and locked, every day. Especially when insiders can be paid off. In this case, there is no report of insider cooperation (that doesn’t mean there isn’t any), however we’ve seen this before – a website used as the open door to gain access to sensitive data. The world demands access to their “stuff” through portals, VPNs, and through the use of personal computing devices that now include smart phones and iPads. Can companies really keep data safe? It’s almost impossible to lock down every access point and still provide access. Software has bugs in it, and bugs represent holes to be exploited. Foreseeing this in every case is just not reasonable.

What an we expect going forward?

According to experts – “The expertise behind the attack, … is a sign of what is likely to be a wave of more and more sophisticated breaches by high-tech thieves hungry for credit card numbers and other confidential information.

The “… demand for the data is on the rise. In 2008, the underground market for the data was flooded with more than 360 million stolen personal records, most of them credit and debit files. That compared with 3.8 million records stolen in 2010, according to a report by Verizon and the Secret Service, which investigates credit card fraud along with other law enforcement agencies like the Federal Bureau of Investigation.” New York Times…

It’s been some time since Albert Gonzalas made his way into larger companies including the historical breech at TJX. Recent news has focused more on politically motivated attacks by Anonymous and the LulzSec group – attacks that didn’t target financial information and seemed to be motivated by something other than ID Theft. This article brings us back to the bigger issue that has plagued companies for over a decade – tens of thousands of hackers and hacker groups targeting financial information that will in turn be sold online for billions, and in recent reports, over a trillion dollars in revenue.

It would seem that, while companies can be doing a lot to beef up security, it is simply not true that some IT group out there has their company covered. Technology companies must be equipped to address this either internally of through partners. Application providers can greatly increase their value by having security experts on staff, and managed services providers should be approaching their offering from a security point of view. Data center experts, unified communications, SMB resellers and larger enterprise consulting groups; everyone should be thinking – Security.

1. Security provides the most effective means of attracting executive level clients and the primary means of creating new business.

2. Security trends are changing, and while the economy is still not great, security providers who understand these concepts are still growing at rates of 50%, 100%, and greater – I’ll have specific examples of this and how they do it!

3. Urgency is key in a slow economy, and every company has urgent issues – I’ll put you in the center of this!

4. Armed with the right message, focused on the most urgent issues, and equipped to create justification, you’re opportunity for success is much higher in 2011.

5. Creating justification is an essential part of the sales process…there is a prescription for doing this.

6. Assessments are profitable, central to developing larger profit rich projects, and recurring revenue. We’ll dive into this in a way that will get you headed in the right direction.

You get the idea. Your 2011 approach will be strengthened, your confidence will greatly increase as you approach executives, and you’ll have solid justification for getting new/larger budgets approved. I recommend this for anyone serious about selling or marketing in the high-tech space this coming year.